Polar, makers of some of the best heart rate monitors and best running watches, experienced a cybersecurity attack this week. On 11 October, Polar posted a statement on the “updates” section of its website, informing users and customers that it was subject to ‘various levels of disruption’, and has shut down the login and signup pages as a result.
If you’re a Polar user, you might be worried your sensitive health data is at risk, but speaking to TechRadar, Polar says your data ‘has not been compromised’.
On its website, Polar states: “Polar’s online store in the United States has been subjected to various levels of disruption, resulting in the suspected compromise of individual users’ order information… According to preliminary information, only a few customers' account details have been accessed."
Polar went on to state: “The data breach has affected only a small portion of customers in Polar’s US online store. The breach does not apply to any other customer data stored by Polar. We want to emphasize that the data of Polar Flow users has not been compromised during the attack.” Polar echoed these sentiments in a statement made to TechRadar after we reached out for comment.
Polar emphasizes that users don’t need to do anything at this stage, although if you want to buy anything on the Polar website, you’ll have to do so from a guest account.
Analysis: Health data makes a tempting target
While in this instance, Polar states that order information rather than personal health data was compromised, Polar Flow makes a tempting target. Health data is incredibly valuable to hackers, advertisers, and even certain governments due to its intensely personal nature: imagine taking your medical records and GPS location, and giving that information to known criminals to sell to invasive advertising services and identity thieves.
Polar was at the center of a data leaking scandal back in 2018 due to flaws in user privacy settings, but things have tightened up since then. Garmin has also experienced its own cybersecurity problems, as Russian hacking group Evil Corp attacked Garmin in 2020, taking its services offline for more than three days.
How to protect your data
In this day and age, it’s hard not to put our trust in placing everything online. As TechRadar’s Senior Fitness and Wearables Editor, it’s my job to test the latest data-harvesting health gadgets: my information is probably scattered over a dozen different databases. So how can you protect yourself?
Generally, if you’re still receiving value from a service like Strava or Fitbit Premium, you have to continue supplying the service with your health data. It’s worth taking a look at fitness tracker privacy policies if you’re concerned about it, which should list if the data is shared with any third parties. If you’ve left data on a service you no longer use, and want to minimize the risk of being involved in a data breach, you may be able to ask the company to delete the data it has on you.
In the US, whether you have a right to delete data depends on what state you live in: according to the personal information removal service DeleteMe, there are only 12 US states with comprehensive privacy laws. In the UK, things are a bit simpler: you can use the Information Commissioner’s Office guidelines to withdraw consent to use your personal data in writing. Australians will also find it difficult to get their data removed, although the government has previously mooted enshrining a “right to be forgotten” into Australian law.
You might also like...
